DNSSEC

DNSSEC (DNS Security Extensions) is a technique for securing the Domain Name System. It is a set of extensions to DNS, which provide end-to-end authenticity and integrity and was designed to protect the Internet from certain attacks.

There are several distinct classes of threats to the DNS, most of which are DNS-related instances of more general problems, but a few of which are specific to peculiarities of the DNS protocol.

All answers in DNSSEC are digitally signed. By checking the signature, a resolver is able to check if the info is identical (correct and complete) to the info on the authoritative server.

DNSSEC is still under development at IETF but will be ready for deployment soon.

DNSSEC Testbeds

Currently, several DNSSEC 'testbeds' are run, for example in the Netherlands (.nl) and Sweden (.se). The goals of these testbeds are:

• Gathering knowledge on how to introduce DNSSEC in a Top Level Domain, or TLD;
• Testing of DNSSEC prodecures (key rollover, unscheduled key rollover, etc.);
• Explaining DNSSEC technology and procedures to zone administrators;
• Trying to pin down certain DNSSEC parameters (Cryptographic_key length, signature lifetimes, etc).

External Links

• Dnssec.net - Securing the Domain Name System
• DNSEXT Working Group at IETF.org
• DNSSEC testbed in the Netherlands (.nl ccTLD)

This article is a stub. You can help Wikipedia by fixing it.